The start of a new year is the perfect time to reevaluate your security practices. 2017 saw a significant rise in ransomware and cyber attacks, with WannaCry and Petya topping the list. More and more emails contain malware, and small businesses are targeted more frequently. Warren Buffett even said that cyber attacks are a bigger threat to humanity than nuclear weapons. With all this going on, its important to ensure that your security practices are comprehensive and properly implemented. Here is a short list of ways you can strengthen your network’s security.
If you do not have multi-factor authentication enabled for every account that offers it, you are behind the curve. This is an easy way to add an extra measure of security to your accounts, making it one step harder for someone to hack. Less than 10% of active Google account users have two-factor authentication enabled. Don’t throw away a valuable and free way of securing your accounts. Reference this article on setting up multi-factor authentication on social media accounts to further secure your personal data.
Backup and Disaster Recovery
If your data is breached, your office floods, or a computer is stolen, you need to be prepared. Having a backup solution in place is like buying insurance for your network. If something unforeseeable happens, you won’t be left with no data at all. Recently, a hospital in Indiana was infected with ransomware. Despite having backups in place, they opted to pay the $55k ransom since restoring from backups would have taken “days and maybe even weeks” to get back up and running. Having a backup solution like DTC’s hybrid cloud backup or backup disaster recovery would have prevented a situation like this. Not every backup solution is the same, just like not every insurance policy is the same. Even so, something is better than nothing when it comes to protecting your essential data.
There has been debate recently on password best practices, but we can all agree that “123456” is the worst password you could possibly choose. You should also avoid predictable phrases and dictionary words – even if you think you’re being clever by replacing some letters with similar looking numbers and symbols. You should use a long password that doesn’t make sense – but remembering a password like this can be difficult. Password managers like LastPass can make your life a bit easier, or you can generate a long, seemingly nonsense password that is easy to remember.
Update and Patch
At the beginning of 2018, the entire computer industry was turned upside down with the discovery of a critical flaw in processor chips that affects nearly every device. Manufacturers scrambled to release updates and patches to mitigate the vulnerability before attackers could exploit them. Unfortunately, it seems like this sort of situation is only going to become more prevalent as technology and hackers become more advanced. The best way for you to keep your computers and networks secure is update, update, update. Don’t ignore notifications from your devices or operating systems encouraging updates. Keep everything, from your phone to your PC to your smart home device, as up to date as possible to avoid vulnerabilities.
Antivirus and Firewall
If you work in a business environment and don’t have business-grade antivirus and firewall, you’re neglecting the security of your network. Free antivirus is not going to effectively secure your system from cyber attacks (by the way, it isn’t HIPAA compliant, either). You need to have a managed – typically hardware – firewall in addition to your antivirus. A firewall prevents unauthorized individuals from accessing your network, making it harder for your system to be hacked.
Be Wary of Attachments and Links
These days, you should rarely trust emails and attachments you receive in your inbox, even if they seem to come from a legitimate source. Phishing attacks are becoming more sophisticated and harder to detect. The best practice is to avoid opening attachments and links from emails, unless you’ve verified with the sender outside of email or digital communication that the email was intentionally sent.
You could implement all of the above security measures and still one unaware employee clicking on a malicious link could bring your network down. We do our best to keep our networks secure, but in the end user awareness is the key to network security. Regular training, security awareness, and fostering a culture of cyber security is the best way to improve user awareness. If it seems suspicious, question it. It’s better to be overly cautious about security than to be overly trusting. And most importantly, don’t make your security policies overly complex. Keeping employee rules simple ensures that they will be easy to follow and therefore effective.
Make 2018 the year that you get your security practices in order. We live in a digital age, with so much riding on our technology and data. Implementing these security measures now could ensure that you avoid cyber attacks and lost data later. If you find yourself struggling or overwhelmed with securing your network, give us a call. We’ve helped our MSP clients implement these and more security measures with great success.